Posted
by
kdawson
on Friday May 28, 2010 @10:11AM
from the worthy-of-neal-stephenson dept.

A month ago we mentioned India's suspicions that telecomm equipment from China might contain backdoors. There hasn't been any smoking gun on such speculation. Now reader littlekorea sends in some background on the ties one important Chinese telecomm vender might or might not have to the government there. "Conspiracy theories abound as to whether networking kit vendor Huawei is owned or controlled by the Chinese government and/or the military-industrial complex. But who really owns Huawei? Kiwi journalist Juha Saarinen headed to Shanghai to find out."

Just compare the code byte for byte with Cisco's. Any differences are the Chinese backdoor

I used to work in office where the upper floor was rented by Huawei: At first there would be 2-3 people, but they exponentially grew up to a small (and short) 100 I estimate.

Our cars on the driveway got hit more as there were more chinese and their "parking skills" were so telling, people started parking their cars close to those employers so they could get it through insurance to replace parts of their cars.

During lunch, it was pretty the hallucinant experience as well..

They never talked about their work or interacted with us, but when I inquired with my colleagues, it was the consensus: "They just relabel Cisco hardware and software."

The problem is that it used to be true. The Japanese and Koreans started out with nothing more than 1 for 1 copies (the Messerschmitt Me-262 vs the Nakajima J9Y comes to mind). Now they do innovate and come up with unique designs and design improvements, but because of their past it's hard for them to escape the reputation even when it no longer applies. The Chinese are in the same boat.

US German enginners and Soviet German engineers also come to mind (nevermind all the German patents, tech, etc.); or ignoring by the US early intellectul rights (or whatever the promoted term was back then) when it suited you.

Where did I say that the US is blameless? Further, you make very grand use of the pronoun 'you' when in fact I myself am for abolishing patents. I speak only of realities, the world we live in with all its misconceptions and misperceptions. I don't confuse and conflate what I want with what really happens.

Possibly similar? Your rhetorical ambiguity is nothing less than disingenuous. The history of Japanese industrial development is well documented. In the example I cited, the development of the Nakajima J

"You" as applying to a group or country (really, practically any country...); it's not my fault EN doesn't distinguish readily between second persons of singular and plural.

And sure, perhaps I overdo trying being neutral about current situation (that was about the Chinese), circumstances of which are still unfolding and won't be properly known for some time. Perhaps it will turn out they do a lot more copying than everybody thought; perhaps the contrary.

Go read the "Criticisms and controvery" section. There's a reason people are suspicious of Huawei. Because they're criminals who've been caught with their hand in the cookie jar on more than one occasion.

Yes, they were a bit sidelined for few last centuries; considering the above list it's not totally unreasonable to look at any possible present "tech stealing" as collecting debt, in the process of revving up again.

"Debt" (figurative of course) - it's not like Chinese got much in return for those inventions, also discoveries, etc. But some of those things were probably of great benefit to progress outside their borders.

So I guess China should have created protections and worked with international governments a lot sooner? The bottom line is today, now, it's _ILLEGAL_. We have international regulations governing copyrights. Pointing out that the Chinese invented clay pots 4,000 years ago or something is not relevant to the discussion.

The Japanese and Koreans started out with nothing more than 1 for 1 copies

I think it was Hyundai that bought Honda tooling and designs and essentially modified the panels a little so no one would confuse the cars and printed out-date Hondas (with assembly issues not in the Hondas). And many chips were "stolen" by Taiwan. And the US ripped off everything from everyone prior to the 1900s. It wasn't until after the industrial revolution was coming to a close when they realized they were now pretty much ah

It's a bit easier to be skeptical of the Chinese stealing our stuff when it is a well-established fact that China (the country, not just the companies) actively tries to seed their nationals into our corporations to steal our intellectual assets.

I'd love to hear some examples of Americans caught stealing Chinese secrets. Because I can provide the names of foreign nationals who have been caught stealing industrial secrets from American corporations. Seriously, maybe there are some that I just don't know about and aren't reported here.

I think the big difference is the socioeconomic systems are very different. America will never have state sponsored corporate espionage to benefit American corporations. They just aren't interlinked to the govern

Just compare the code byte for byte with Cisco's. Any differences are the Chinese backdoor.

So lemme get this straight. If you believe that the American government is involved in a conspiracy or conspiracies, such as the overwhelming evidence that the official story explaining 9/11 is not the whole story, then you're a nut, a loon, a conspiracy nut, a crazy right-wing wacko, and nobody should listen to you because you suggest a conspriacy.

If you believe that the Chinese government is involved in a conspiracy or conspiracies, such as the evidence that it caused companies to insert backdoors int

Sure, I will.
The patriot act was suppose to be used against terrorists. So far, there has been less then one use/year dealing with terrorism. All the other uses were against drugs, common criminals. And that was what was detailed. The real question is, what is missing?

if I told you "that man threw shit at me!", you'd probably be reluctant to believe me. if I said "that monkey threw shit at me!", you might find that easier to accept. that double standard has to go! [for the analogical reasoning impaired, what i mean is that the term "double standard" only applies when two parties are judged/treated differently on the basis of something that is irrelevant to the issue at hand. one could argue that the chinese govt is more likely to be involved in a conspiracy like this tha

Judging from the article author's name, he's obviously of Finnish origin. Now, Linux was created in Finland. Therefore, the Finnish government is the real controller behind Linux and this article is an attempt by the government of Finland to discredit a competitor in the world market for information technology.

See, pulling out conspiracy theories from one's ass is not so difficult...

"So lemme get this straight. If you believe that the American government is involved in a conspiracy or conspiracies, such as the overwhelming evidence that the official story explaining 9/11 is not the whole story"

b) commit indiscriminate mass murder and terrorism against one's own people, intentionally, including blowing up the nation's own military headquarters. (This is not the same as violently suppressing dissent or suspicious ethnic groups, lots of governments do that).

Besides, if Dick Cheney and the other usual conspiratorial suspects were involved with 9/11 they would have blown up the skyscrapers using bombs, and then blamed it on Saddam. They didn't give a crap about Afghanistan. And they definitely would NOT attack the Pentagon.

He still has a point, and it is pretty easily confirmed, get the code sitting on one model from china and another that has the proper linux~cisco router code, and compare byte for byte, then all the bytes that make up sections of code that are NOT part of the original, there is most likely your backdoor, and also proof that this is happening...that's all he was saying...

If you've ever worked with the Chinese, then you'll know they have zero respect for software licences, including the GPL. On one memorable occasion, we had to fight and threaten legal action to get some firmware released by Chinese contractors, and when they did, it was all cut and paste from well-known GPL'd projects.

Gear of such kind would also have to pass approval from several institutions. Also in places which are not only moderately decent corruption-wise...but have probably strong interest in discovering a reason to ban such faulty equipment (having in their borders Nokia Siemens, Ericsson...). Yes, it's formally probably only compliance with electromagnetic regulations and communication standards, but c'mon.

While in practice it may end up just as "they have zero respect for software licenses", I do think it is more fair to accept that their culture has a completely different concept of ownership and thus copyright. It's not as if "our" views of these matters are god-given and the only possible and correct ones.

Umm. The wackos that believe that the US Government is responsible for the 9/11 attacks are left wing, not right wing. Right wing wackos believe that the President of the US dose not have a real birth certificate. Different group. Same wacko level. You are an idiot.

True, but you're missing a couple of things. One: Right-wingers already had their confirmation bias fulfilled by the official explanation (brown people around the world are out to destroy America the Beautiful), so they were always extremely unlikely to start asking any questions.

Second, there's lots of conservatives who consider themselves Truthers. I've yet to meet any lefties who are birthers. Or, in other words, not all delusions are the same. [blogspot.com]

Hasnt it been shown (ie, here, and other places) [debunking911.com] that it would take ridiculous quantities of thermite to bring down the WTC towers, on the order of tens of thousands of pounds? And that using thermite would be retarded anyways?

Dont let that stop you, though, Id be interested in how truthers get around that little obstacle-- its bound to be amusing.

Seriously, that was exactly what I was going to say, but I'll even go one further: it would surprise me in the least if Huawei's equipment had a backdoor put into Cisco's equipment by the NSA that Huawei didn't catch when stealing the source code.

I totally understand the undercurrent of your comment, and I don't dispute this could be the case. From a security standpoint it may be impossible to detect hardware intervention in any ASIC they may have had, particularly since it can run in parallel with no intervention in software (or preloaded at final test or wafer test).

Huawei should have been subject to ITC embargoes years ago for their technical thievery from the Western network equipment makers. It isn't a surprise to me that this kind of backdoor would exist. People get everything they deserve for buying their equipment from a company started by a Chinese army officer and Communist Party official.

I had assumed that everyone was aware that Hauwei started out by copying Cisco's code and manuals - byte for byte - word for word. Programming errors and typos in the manuals were all fully duplicated in Hauwei's product. Based on some of the replies to my first post, I guess everyone was not aware of this.
Cisco sued Hauwei and settled out of court. Here is Cisco legal filing (details on pg 3 & 4): http://newsroom.cisco.com/dlls/Cisco_Mot_for_PI.pdf [cisco.com]
TFA asked who owns & controls Hauwei. We don't know what the terms of the legal settlement were. Maybe Cisco owns a large stake.

BS. Everyone is selfish. Everyone looks out for their own interests first. If they give their lives away in altruism it is only for some reward beyond. The reason "everyone" hates the U.S. is because the U.S. has been materially successful in the last couple hundred years. "Everyone" perceives this kind of "success" as more desirable than what they have. I think it's high time that "Everyone" quit envying the material success of the U.S. and started appreciating what they already have, or at least could

So again, I for one, am happy that new laws in the US will help the world be safter.

I assume the is sarcasm, right? Obviously the new laws will continue protect special interests (not US in general, but specific lobbies) , generally maintain the status quo and not affect any real change.

(although to be fair, protecting lobby groups does often have a "rising tides" effect)

Something about selling capitalists the rope with which they will hang themselves?

We don't need conspiracy theories on this one, because China doesn't need this kind of stuff to meet its goals. Assuming China ever overtakes the United States as a global superpower, it will be by furnishing us with our every economic desire, enabling our massive consumer overspending and lending to aid our government's ever-ballooning spending. Assuming the Chinese state has more control over this company than what we're seeing, the last thing they're going to do with it is put in tech that, if discovered, would seriously hamper trade with the West.

What is the difference between a back door, and a section of code which is deliberately a little bit sloppy to allow for a vulnerability that would just be very difficult for someone to discover? You are assuming that any back-door which does exist would be well labeled as such and therefore serve the function of a smoking gun if discovered. In reality it would probably be far easier to just not fix certain bugs deliberately and provide detailed documentation of them to the right people.

Well exactly. It's a back door but it wouldn't be all that special to "discover" it. There is no risk in leaving those types of holes in the system and they work just as well as the ones which you create deliberately.

Even further, if they are reverse engineering cisco products to create their own, it's entirely possible that they have accumulated a number of valuable zero day exploits that can be used against the firmware which they have extensively studied as part of their duplication efforts.

This strikes me as a straw man argument in many ways. Why would we assume that the ownership of the company has anything to do with the possible influence or even direct manipulation of the products produced by the state in which the company is headquartered and operated? That is a very western view. Even if we take that point for granted, the public shareholders of even a US company have quite limited visibility into its day to day operations beyond quarterly financial and very broad and deliberately li

A cynic would suggest that what our "analyst" friends are actually so butthurt about is the fact that all those sweet, sweet shares are locked up in some oddball quasi-coop/quasi-privately-held arrangement, rather than floating around on stock exchanges, where they can be traded and hedged and sliced and diced (for a variety of nice commissions) by the more and less blatantly parasitic middlemen who live there.

Rather analogous to the swarms of "social security reformers" who talk a lot about cash-flow and solvency; but are basically pissed off that all those billions aren't being overseen by Wall Street, for an appropriate fee...

Now, as a separate issue, it seems quite plausible that Huawei's stuff is bugged. A certain "coziness" seems to be virtually inevitable between strategic corporations and the state's military and intelligence arms. That was certainly the case in the (formally) much less government dominated economy of the US during the cold war, I have no reason to suspect that it isn't the case in china now. However, stuff doesn't get bugged because sinister agents of the state buy 51% of the shares, and then introduce a "motion to bug hardware shipped to capitalist running dogs" at the next shareholder meeting. There are much subtler and more tactful ways of getting that done.

Consider, for instance, the tracking codes [eff.org] produced by numerous models of color laser printer, built around print engines produced by a number of different companies, ostensibly as an "anti-counterfeiting measure". This occurred despite the fact that the US Secret Service has no ownership stake in any of the companies involved. Exactly what inducements where used is unknown; but anybody who thinks that stock ownership is particularly relevant is a moron.

So, after reading the fine article, it seems to me that the company is, officially at least, a coop. Only employees are allowed to own shares, which are primarily used as a method of profit sharing and performance rewards. It's actually not a bad model if you don't need the capital you can get by selling stock. There's a handful of companies in the US that do things much the same one, Ocean-spray being the first example that comes to mind.

I don't see anything in the article about if/when/how the Chinese government influences the company beyond an offhand remark about the CEO's past work at the beginning and an otherwise unsupported statement at the end. How exactly would the company being publicly traded ally fears that the Chinese government is exerting control? It isn't as if the stockholders would have to know about the situation, nor would the fallout be any more severe if they were found out (either way the company would be going bankrupt very rapidly).

In a Co-op it is the customers/members that own the company. And it is the customers/members that have voting rights [which in my mind, is the key question when it comes to ownership.]

It is not a Partnership because the shares don't have voting rights - I think. From the article: "A 'small committee' of 33 union members are elected by other shareholders employed by Huawei to make decisions." I am not sure but it sounds like Huawei selects key people to vote. It sounds like m

yes having worked for and been a member of a high tech coop (poptel) its not evident that Huawei is a coop I dont belive that all the shares are held only by employees. One of the major problems for coops is access to funding even if you start of by pirateing your product you still need capital to build a company.

having this dual structure ie the company is owned by a holding company that is owned by the members of the coop is the way poptel was structured.

The CEO, like many CEOs in the US and around the world, have suspicious ties to the military and government. Typically this is why they make so muh money, they know the people who control the big contracts.

There is a structure that makes it appear that the workers own the company. Having worked for a US company controlled by Asian interests, I found the structure rather familiar. It is done to reward workers based on results, and retain good employees.

Other than that, there is no overwhelming evidence of government ties. Just a company with a management structure meant to maximize the appearance of employee control. The fact that the façade may not match reality does not mean the reality is a conspiracy.

When T-Mobile released the "T-Mobile Tap" -- manufactured by Huawei -- I bought it the first week. It was cheap, had a huge screen, and counted as a "dumbphone" so it wasn't subject to the smartphone data plan upcharge.

I've regretted that purchase every single day since.

I posted a litany of woes over on the HoFo forum [howardforums.com]. I have never had a phone that provided me with such daily reminders of why I don't buy new products.

The interface is clunky and inconsistent -- it's clear that one dev team built the dialer, another dev team built the text message system, and another one built the contacts. All of those reference things like typing and phone number entry, but they all do it in different ways! And, they all suck. In fact, none of the functions play well together. All of the built-in apps can be dragged onto the "desktop", but most of them go away every time you power-cycle.

And the hardware is cheap. Every time a sound plays (like a ringtone) on the external speaker, there's an audible "pop" as the speaker gets power and another "pop" when the sound completes and the speaker powers down. And the processor often bogs down during complex tasks, such as entering a phone number.:P Of course, it's a sub-$200 touchscreen, so I didn't expect top-notch hardware -- if that's all that sucked, I'd be happy.

The worst part is just cropping up now, though. Random software issues are killing the digitizer. I'm quite certain it's not hardware, because it typically happens after running a Java app (such as the built-in Google Maps, or the Opera Mini I downloaded but can barely use because the phone only gives it a data connection half the time). Also, strange behavior occurs when the digitizer is wonky, like when the text message notification bar goes away or the options at the bottom of the screen disappear and leave the background visible.

Maybe it's not just bad software... maybe these are indications that the Chinese government is monitoring my calls and text messages. Maybe I got on their bad side by using Google Voice? If that's the case, they're getting a whole lot of messages like "I'll have to call you back, my phone is crapping out again".

I learned one lesson, at least. If the manufacturer isn't willing to put their name on it, don't buy it! T-Mobile should follow that advice, instead of tarnishing their name by associating it with this piece of crap Tap.

Such devices are really just a side business for Huawei anyway. They are big in mobile network equipment - base stations, their backbone, etc. Apparently it's comparably good & reliable to "old" brands, while being significantly cheaper. And becoming more and more popular.

Then apparently good & reliable enough; either way, I don't think it's a coincidence that few networks using them, from my general area, seem to be at least as good as other in network reliability perceived by users; and offering them great deals.Shouldn't they also only improve?

It's interesting to note that out of the three cellular networks here in New Zealand, the one with Huawei equipment (i.e. 2degrees) operates the most reliable network. Vodafone with their Nokia GSM/UMTS network has issues a few times a year and Telecom with their Alactel-Lucent UMTS network suffered multiple massive days-long outages during the end of last year and early tis year. 2degrees has operated flawlessly since they launched.

Well clearly it must be due to the equipment not one of the thousands of other factors that could lead to those outages. Thanks for your anecdotal evidence that has completely convinced me that Huawei makes superior network equipment.

"We can make the enemy's command centers not work by changing their data system. We can cause the enemy's headquarters to make incorrect judgments by sending disinformation. We can dominate the enemy's banking system and even its entire social order." General Pan, Chinese PLA

Now, that was in 1996. I think he read the tea leaves correctly even back then, and the world has become a lot more interconnected in the last 14 years. Read More [uscc.gov]

Yes because they can afford to have 10million people in the government who's sole job it is to annoy and slow down their economy, that must be why it is increasing at a mere 10%/yr lately.

Anyone who thinks this is feasible or that it wouldn't kill their economy is an idiot. And if you mean they just exert control on occasion using a set of rules the gov came up with.... those would be called LAWS we have em too, get over it. The country is different but they aren't fucking aliens.

"the fast-growing telco supplier's ownership structure is still fascinating, strange and tricky for Western observers to understand."...whereas, of course, the ownership structures of 'Western' companies are *always* beautifully transparent! sheesh.

I have been using Huawei's sonet gear for the last 5 years. I work for a CLEC. I have about 50 nodes in the field.They are a mix of M800s, M1600s, and M3600s that are spread out over multiple states. They are a real pleasureto use and have been rock solid. Their price point compared to other vendors was a no brainer and have allowedus to improve our network.

Take the M1600 which is a 3-4U box. It has 8 slots that can take a wide array of cards from OC48, 12 DS3s, 28 T1s,ethernet GigE ports, ethernet 10/100 p

This article notes nothing abnormal about Huawei's corporate structure, for a Chinese corporation or any corporation. The author describes an employee stock ownership plan, ESOPs exist in plenty of western nations and there is nothing sinister about them.

The author trying to use this round about "the company setup weird, that makes it bad" argument belies the fact that corporate structure is irrelevant to the quality of the products produced.

Buy the right hardware and run M0n0wall or pfsense. If you can audit the code of your firewall it's the only way to be sure there are no backdoors in it.

I have had a M0n0Wall running for well over 6 years with no problems. Granted it's for a very small company with only a few thousand users.... but there are some out there doing the work for fortune 500 companies.

The shares themselves are known by the Huawei internal term "Virtual Restricted Shares", but according the company spokesman, this is "just a technical name" for otherwise "normal" shares.

Then says this:

Employees allocated shares have to return these when they leave Huawei's employ, according to the spokesman.

Then no those are not shares, everything the spokeman says at this point is likely a lie. Mr. Webb sums it up well:

"Unless and until Huawei becomes a stand-alone widely held listed company with employees free to trade their shares and without a controlling shareholder, these suspicions and allegations will likely continue."

>>Employees allocated shares have to return these when they leave Huawei's employ,

Actually this is the normal way things work when you leave a coop a lot of coops don’t even have an internal share proxy.

>>Unless and until Huawei becomes a stand-alone widely held listed company with employees free to trade their shares and without a controlling shareholder, these suspicions and allegations will likely continue."

Is it a coop if 99% of "shares" are held by employees, and the last 1% is held by a non-employee and the only voting shares are in that last 1%?

It looks like it's structured to look like a coop, but with the shares being held only by the company (issuing revocable non-voting shares to employees doesn't make it a coop) it looks like it isn't a coop.

A month ago we mentioned India's suspicions that telecomm equipment from China might contain backdoors. There hasn't been any smoking gun on such speculation.

Then why do you put such speculation right up there with the headline?

Me thinks there is much propaganda in the above quote. India sees China as its competitor politically and economically. The Indians will always raise 'concerns', 'doubts' and 'fears' to confuse people... about the devious Chinese (or others they don't agree with). I would much rat

It is unlikely that their "size" (whatever that means to you) will have any effect on the economic basis for which their and our country are propagated. Building an economy on consumerism means you always need consumers. The US is pretty much the pinnacle of consumerism, so we will always be at least civil with china. At least until their basic daily wage reaches par with ours. I don't foresee that actually happening, but it's arguably possible.

That isn't strictly true. Sure, if you draw an org chart, and everyone falls under "the state", then it looks like you couldn't possibly have a "complex" with only a single actor.

However, "The state" is never a monolithic actor. Indeed, more totalitarian states can have incredibly colorful internal power struggles, with individuals competing for influence over various state organs, with new organs being created as more loyal replacements for older, ideologically challenged ones, sometimes even direct conflict between different state entities.

If, in practice, you have a situation where factional leaders in whatever military organ is dominant are strongly aligned, strategically, financially, culturally, with the factional leaders in the dominant industrial entities, the fact that the theoretical org chart says that they are all under one state doesn't really interefere with this being a situation usefully describable as a "military industrial complex", any more than the fact that, in the US case, the public sector military and the private sector industry are supposedly separate.